Posts

Showing posts from November, 2021

Dark Reading - Legal Cases and Privacy Rulings Aim to Curtail Facial Biometrics

Decisions in the UK and Australia, and lawsuits in the United States, could force facial-recognition providers to remove data from their machine-learning models. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/legal-cases-and-privacy-policies-threaten-use-of-facial-biometrics

Dark Reading - HP Issues Firmware Updates for Printer Product Vulnerabilities

More than 150 HP printer models have bugs that could enable attackers to steal data and gain an initial foothold on enterprise networks. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/hp-issues-firmware-updates-for-printer-product-vulnerabilities

Dark Reading - What’s the Difference Between SASE and SD-WAN?

While SD-WAN is a key part of a hybrid workplace and multicloud operation, it should be treated as a stepping stone to SASE, not an alternative. from Dark Reading https://www.darkreading.com/edge-ask-the-experts/what-s-the-difference-between-sase-and-sdwan-

Threat Post - How Decryption Can Improve Security

Strong encryption is critical to protecting sensitive business and personal data. Google estimates that 95 percent of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. This is a significant step forward for data integrity and consumer privacy. However, organizations […] from Threatpost https://threatpost.com/decryption-improve-security/176613/

Dark Reading - Attacker Sentenced in Multimillion-Dollar SIM Hijacking Scheme

A sixth member of international hacking group The Community was sentenced to 10 months in prison and ordered to pay $121,549.37 in restitution. from Dark Reading https://www.darkreading.com/endpoint/attacker-sentenced-in-multi-million-dollar-sim-hijacking-scheme

Threat Post - Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks

The insurer won’t pay for 'acts of cyber-war' or nation-state retaliation attacks.    from Threatpost https://threatpost.com/lloyds-cyber-insurance-exclusions/176669/

Rapid 7 - Ongoing Exploitation of Windows Installer CVE-2021-41379

Image
On November 9, 2021, as part of Patch Tuesday, Microsoft released an update to address CVE-2021-41379 , a “Windows Installer Elevation of Privilege Vulnerability” that had a modest CVSS score (5.5), without much fanfare. The original CVE allows an attacker to delete files on a system using elevated privileges. Fast-forward to November 22, 2021, when after investigating the patch, the researcher that discovered the vulnerability, Abdelhamid Naceri, found that it did not fully remediate the issue and published proof-of-concept (PoC) code on GitHub proving exploitation of the vulnerability is still possible on patched versions of Windows allowing for SYSTEM-level privileges. The working PoC “overwrites Microsoft Edge elevation service 'DACL' and copies itself to the service location, then executes it to gain elevated privileges.” With a zero-day exploit available, attackers have been chipping away at ways to utilize the vulnerability, especially in malware . As of November 30...

Threat Post - Finland Faces Blizzard of FluBot-Spreading Text Messages

Millions of texts leading to the Flubot spyware/banking trojan are targeting everyone who uses Androids in the country, in an "exceptional" attack. from Threatpost https://threatpost.com/finland-flubot-text-messages/176649/

Dark Reading - Government-Industry Cooperation May Be the Most Potent Ransomware Antidote

The side that's better at collaborating with allies will have the upper hand, and until now, that distinction has gone to the cybercriminals. from Dark Reading https://www.darkreading.com/attacks-breaches/government-industry-cooperation-may-be-the-most-potent-ransomware-antidote

Threat Post - Panasonic’s Data Breach Leaves Open Questions

Cyberattackers had unfettered access to the technology giant's file server for four months. from Threatpost https://threatpost.com/panasonic-data-breach-questions/176660/

Rapid 7 - Active Exploitation of Apache HTTP Server CVE-2021-40438

Image
On September 16, 2021, Apache released version 2.4.49 of HTTP Server, which included a fix for CVE-2021-40438 , a critical server-side request forgery (SSRF) vulnerability affecting Apache HTTP Server 2.4.48 and earlier versions. The vulnerability resides in mod_proxy and allows remote, unauthenticated attackers to force vulnerable HTTP servers to forward requests to arbitrary servers — giving them the ability to obtain or tamper with resources that would potentially otherwise be unavailable to them. Since other vendors bundle HTTP Server in their products, we expect to see a continued trickle of downstream advisories as third-party software producers update their dependencies. Cisco, for example, has more than 20 products they are investigating as potentially affected by CVE-2021-40438, including a number of network infrastructure solutions and security boundary devices. To be exploitable, CVE-2021-40438 requires that mod_proxy be enabled. It carries a CVSSv3 score of 9.0. Seve...

KnowBe4 - Bitcoin Scam Videos on Instagram are Part of an Elaborate Account Takeover Scam

Image
This elaborate scam uses social engineering to trick victims into sending the hacker Bitcoin while holding Instagram accounts hostage. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/bitcoin-scam-videos-on-instagram-are-part-of-an-elaborate-account-takeover-scam

KnowBe4 - Phishing Attacks Smash All Records in Q3 2021 With the Highest Monthly Number of Attacks Ever

Image
New data shows the business of phishing is moving “up and to the right” in nearly every way measurable, indicating a serious problem as threat actors continue to see growing success. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-attacks-smash-all-records-in-q3-2021-with-the-highest-monthly-number-of-attacks-ever

KnowBe4 - Mobile Phishing Attacks Surge 161% in the Energy Industry

Image
The need for increased mobile security in the Energy sector has become evident with new data highlighting why these phishing attacks are occurring and effective ways to stop them. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/mobile-phishing-attacks-surge-161-in-the-energy-industry

Dark Reading - Ransomware vs. Cities: A Cyber War

As smart cities become the new normal for urban living, they must be resilient against the speed and sophistication of modern cyber threats. from Dark Reading https://www.darkreading.com/dr-tech/ransomware-vs-cities-a-cyber-war

KnowBe4 - Data Breach Costs Increase by $1 Million When Remote Workers Are Involved

Image
You already knew remote workers increase the risk of cyberattack. New data spells out exactly what the impact of a remote workforce is on data breaches and the cost to remediate. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/data-breach-costs-increase-by-1-million-when-remote-workers-are-involved

Dark Reading - Finding Your Niche in Cybersecurity

With a little patience and research, you can discover a role you love that also protects those around you. from Dark Reading https://www.darkreading.com/careers-and-people/finding-your-niche-in-cybersecurity

KnowBe4 - CyberheistNews Vol 11 #47 [Heads Up] New Dangerous and Persistent "Metamorphic" Malware Strain Called Tardigrade

Image
from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-11-47-heads-up-new-dangerous-and-persistent-metamorphic-malware-strain-called-tardigrade

Threat Post - Yanluowang Ransomware Tied to Thieflock Threat Actor

Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research. from Threatpost https://threatpost.com/yanluowang-ransomware-thieflock-threat-actor/176640/

KnowBe4 - Spear Phishing Campaign Targets North Korean Defectors

Image
A state-sponsored threat actor is sending spear phishing emails to North Korean defectors and also to journalists who cover matters related to North Korea, according to researchers at Kaspersky. The threat actor first messages the target via a hacked Facebook account belonging to one of the target’s acquaintances. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/spear-phishing-campaign-targets-north-korean-defectors

KnowBe4 - [Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Image
J oin us for a live demo on Security Awareness Training and phishing in action! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/join-us-for-a-live-demo-on-simulated-phishing-and-awareness-training-2021

Schneier - Intel is Maintaining Legacy Technology for Security Research

Interesting : Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old products that remain in widespread use, vulnerable to attacks. Intel’s answer to this conundrum was to create a warehouse and laboratory in Costa Rica, where the company already had a research-and-development lab, to store the breadth of its technology and make the devices available for remote testing. After planning began in mid-2018, the Long-Term Retention Lab was up and running in the second half of 2019. The warehouse stores around 3,000 pieces of hardware and software, going back about a decade. Intel plans to expand next year, nearly doubling the space to 27,000 square feet from 14,000, allowing the facility to house 6,000 pieces of computer equipment. Intel engineers can request a specif...

Dark Reading - Armis Now Valued at $3.4B

One Equity Partners led the $300 million round, increasing the valuation of Armis from the $2 billion valuation it achieved less than 8 months ago. from Dark Reading https://www.darkreading.com/perimeter/armis-now-valued-at-3-4b

Dark Reading - Stellar Cyber Raises $38M Series B to Address Need to Provide 360-Degree Visibility Across Entire Attack Surface

Oversubscribed round, including Samsung, rewards technical innovations and rapid market adoption, positions company for continued leadership. from Dark Reading https://www.darkreading.com/attacks-breaches/stellar-cyber-raises-38m-series-b-to-address-need-to-provide-360-degree-visibility-across-entire-attack-surface

Dark Reading - 9 out of 10 Healthcare Organizations Provide Telehealth Services, Yet Almost Half Face Patients' Mistrust Toward Privacy

Kaspersky surveyed healthcare decision-makers to learn how the digital transformation of the industry is going and which problems they believe should be solved to create a world in which everyone can gain access to quality care. from Dark Reading https://www.darkreading.com/endpoint/9-out-of-10-healthcare-organizations-provide-telehealth-services-yet-almost-half-face-patients-mistrust-toward-privacy

Recorded Future - Leaked Credentials Leads Are Candy for Dark Web Actors

Image
Nobody loves cheap and easy things more than cybercriminals. And few things are as abundant and easy to use as stolen emails and passwords (or password hashes). Over the last 5 years , 11.7 billion credentials have been leaked across the Internet, 61% of breaches involve leaked credentials. and the effects of credential theft spill well beyond a single account—as 65% of users reuse passwords across sites.  Leaked credentials are the easiest attack vector into companies for cybercriminals. They use leaked or stolen credentials to log in to corporate accounts and systems, subverting security through stolen trust. From that initial point of access criminals have a number of options at their disposal from stealing information directly, to launching business email compromise, to exploiting vulnerabilities for privilege escalation. How Do Cybercriminals Acquire and Use Credentials? User names—which are often email addresses—and passwords can be stolen or bought by criminals. Cri...

Recorded Future - Preparing for the Next Ransomware Generation

Image
On this week’s show we welcome back Recorded Future’s Allan Liska to discuss his newly published book, Ransomware: Understand, Prevent, Recover . In the years since Allan co-authored his previous book on ransomware much has changed, with an increased sophistication from the threat actors, higher ransom demands and extortion thrown into the mix. Allan Liska explains these changes, and provides his expert insights on what organizations need to do to protect themselves from this continuing threat.            This podcast was produced in partnership with the CyberWire . The post Preparing for the Next Ransomware Generation appeared first on Recorded Future . from Recorded Future https://www.recordedfuture.com/podcast-episode-236/

Dark Reading - IKEA Email Systems Targeted in Cyberattack

Attackers are reportedly targeting IKEA employees in a phishing campaign that leverages stolen reply-chain emails. from Dark Reading https://www.darkreading.com/attacks-breaches/ikea-email-systems-targeted-in-cyberattack

Dark Reading - Phishing Remains the Most Common Cause of Data Breaches, Survey Says

Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year. from Dark Reading https://www.darkreading.com/edge-threat-monitor/phishing-remains-the-most-common-cause-of-data-breaches-survey-says

Dark Reading - Google Analyzes Methods Behind GCP Workload Attacks

The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows. from Dark Reading https://www.darkreading.com/threat-intelligence/google-analyzes-methods-behind-gcp-workload-attacks

Dark Reading - Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation

HAECHI-II initiative represents Interpol's stepped-up efforts to tackle the operators of financially motivated online scams and other cyberattacks. from Dark Reading https://www.darkreading.com/attacks-breaches/over-1-000-individuals-arrested-in-international-cybercrime-fighting-operation

Threat Post - IKEA Hit by Email Reply-Chain Cyberattack

IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads. from Threatpost https://threatpost.com/ikea-email-reply-chain-attack/176625/

Dark Reading - Panasonic Hit in Data Breach

Tech firm reveals that data on one of its file servers was accessed by attackers. from Dark Reading https://www.darkreading.com/attacks-breaches/panasonic-hit-in-data-breach

Threat Post - Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months

Attackers are honing Google Play dropper campaigns, overcoming app store restrictions. from Threatpost https://threatpost.com/banking-trojan-infections-google-play/176630/

Threat Post - ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks

The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea. from Threatpost https://threatpost.com/scarcruft-apt-desktop-mobile-attacks/176620/

Threat Post - Unpatched Windows Zero-Day Allows Privileged File Access

A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug. from Threatpost https://threatpost.com/unpatched-windows-zero-day-privileged-file-access/176609/

Threat Post - Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers

Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it’s for real a scary morphic malware that changes its parts and recompiles itself. from Threatpost https://threatpost.com/shape-shifting-tardigrade-malware-hits-vaccine-makers/176601/

US-CERT - Vulnerability Summary for the Week of November 22, 2021

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/bulletins/sb21-333

KnowBe4 - Phishing Reported in IKEA’s Internal Email System

Image
IKEA has been working to contain a continuing phishing campaign that’s afflicting the furniture and houseware chain’s internal email system. BleepingComputer describes it as a “reply-chain email attack.” This form of attack is unusual but not unknown. The attackers obtain a legitimate corporate email and reply to it. “As the reply-chain emails are legitimate emails from a company,” BleepingComputer explains, “and are commonly sent from compromised email accounts and internal servers, recipients will trust the email and be more likely to open the malicious documents.” from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-reported-in-ikeas-internal-email-system

Dark Reading - NanoLock Security and Waterfall Security Partner to Deliver OT Security for Industrial and Energy Applications

The solution combines NanoLock’s device-level, zero-trust protection with Waterfall’s hardware-enforced IT/OT perimeter protection to provide a powerful OT security solution that mitigates cyber events from both IT and OT networks. from Dark Reading https://www.darkreading.com/operations/nanolock-security-and-waterfall-security-partner-to-deliver-ot-security-for-industrial-and-energy-applications

Dark Reading - Paving the Road to Zero Trust With Adaptive Authentication

A gradual transition to a world beyond passwords predisposes zero-trust projects to success. from Dark Reading https://www.darkreading.com/vulnerabilities-threats/paving-the-road-to-zero-trust-with-adaptive-authentication

KnowBe4 - New Dangerous and Persistent "Metamorphic" Malware Strain Called Tardigrade

Image
Michael Kan at PCMag reported on this new strain of Windows malware.  It can constantly adapt to avoid detection and was first found targeting the biotech industry, including the infrastructure behind vaccine manufacturing, according to security researchers. The warning comes from a non-profit called BIO-ISAC , which focuses on information sharing to protect the biotech industry from cybersecurity threats. The threat is setting off alarm bells because it goes beyond typical polymorphic malware, which will only rewrite part of its computer code to evade detection. Instead, the uncovered malware goes even further by completely recompiling its code during each infection when it first connects to the internet. This “metamorphic” ability prevents the malware from leaving a consistent signature behind, making it harder for antivirus programs to spot. According to Wired, one security researcher tested the malware almost 100 times and “every time it built itself in a different way ...

KnowBe4 - John Scimone, SVP and Chief Security Officer at Dell Technologies, says “security is everyone's job.”

Image
Organizations need to build a culture of security in order to defend themselves against cyberattacks, according to John Scimone, Senior Vice President and Chief Security Officer at Dell Technologies. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/john-scimone-svp-and-chief-security-officer-at-dell-technologies-says-security-is-everyones-job

KnowBe4 - New Dangerous and Persistent "Metamorphic" Malware Family Called Tardigrade

Image
Michael Kan at PCMag reported on this new strain of Windows malware.  It can constantly adapt to avoid detection and was first found targeting the biotech industry, including the infrastructure behind vaccine manufacturing, according to security researchers. The warning comes from a non-profit called BIO-ISAC , which focuses on information sharing to protect the biotech industry from cybersecurity threats. The threat is setting off alarm bells because it goes beyond typical polymorphic malware, which will only rewrite part of its computer code to evade detection. Instead, the uncovered malware goes even further by completely recompiling its code during each infection when it first connects to the internet. This “metamorphic” ability prevents the malware from leaving a consistent signature behind, making it harder for antivirus programs to spot. According to Wired, one security researcher tested the malware almost 100 times and “every time it built itself in a different way ...

Schneier - Friday Squid Blogging: Bobtail Squid and Vibrio Bacteria

Research on the Vibrio bacteria and its co-evolution with its bobtail squid hosts. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here . from Schneier on Security https://www.schneier.com/blog/archives/2021/11/friday-squid-blogging-bobtail-squid-and-vibrio-bacteria.html

Krebs - The Internet is Held Together With Spit & Baling Wire

Image
A visualization of the Internet made using network routing data. Image: Barrett Lyon, opte.org. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the largest Internet backbones. Based in Monroe, La., Lumen Technologies Inc. [ NYSE: LUMN ] (formerly CenturyLink ) is one of more than two dozen entities that operate what’s known as an Internet Routing Registry (IRR). These IRRs maintain routing databases used by network operators to register their assigned network resources — i.e., the Internet addresses that have been allocated to their organization. The data maintained by the IRRs help keep track of which organizations have the right to access what Internet address space in the global routing system. Collectively, the information voluntarily submitted to the IRRs forms a distributed database o...

Rapid 7 - Metasploit Wrap-Up

Image
Self-Service Remote Code Execution This week, our own @wvu-r7 added an exploit module that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API authentication bypass vulnerability identified as CVE-2021-40539 , where an error in the REST API URL normalization routine makes it possible to bypass security filters and upload arbitrary files on the target. wvu’s new module simply uploads a Java payload to the target and executes it, granting code execution as SYSTEM if ManageEngine ADSelfService Plus was started as a service. Storm Alert Warning, this is not a drill! A critical unauthenticated command injection vulnerability is approaching the Nimbus service component of Apache Storm and has been given the name CVE-2021-38294 . A new exploit module authored by our very own zeroSteiner has landed and will exploit this vulnerability t...

Schneier - Proposed UK Law Bans Default Passwords

Following California’s lead, a new UK law would ban default passwords in IoT devices. from Schneier on Security https://www.schneier.com/blog/archives/2021/11/proposed-uk-law-bans-default-passwords.html

Threat Post - New Twists on Gift-Card Scams Flourish on Black Friday

Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday. from Threatpost https://threatpost.com/new-twists-on-gift-card-scams-flourish-on-black-friday/176593/

KnowBe4 - FBI: Cyber Attacks Target Organizations Involved in Mergers and Acquisitions

Image
A new notification from the FBI warns organizations of attacks at the perfect time when organizations are spending money, new people are being introduced, and operations are in flux. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/fbi-cyber-attacks-target-organizations-involved-in-mergers-and-acquisitions

KnowBe4 - Email Classified as ‘Malicious’ by Employees Has Increased by 35% in the Last Year

Image
New data shows Phishing , Vishing, Social Media attacks, and Microsoft 365 credential attacks are all on the rise as more users are demonstrating savviness around identifying malicious content. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/email-classified-as-malicious-by-employees-has-increased-by-35-in-the-last-year

KnowBe4 - Phishing Attacks Impersonating Amazon Continue, Raising Concerns on the Cusp of Black Friday and the Holidays

Image
New phishing attacks in the form of impersonated Amazon order confirmation emails cause potential victims to make phone calls and give up credit card details. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/phishing-attacks-impersonating-amazon-continue-raising-concerns-on-the-cusp-of-black-friday-and-the-holidays

KnowBe4 - Planning on Relaxing During the Holiday? Think Again – Ransomware Attacks May Have You Working Over a Holiday Break!

Image
New data shows a majority of organizations experience ransomware attacks during holiday breaks, disrupting operations and your time away from work! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/planning-on-relaxing-during-the-holiday-think-again-ransomware-attacks-may-have-you-working-over-a-holiday-break

Dark Reading - OpenText Acquires Bricata

The acquisition adds next-generation network detection and response technology to OpenText Security & Protection Cloud. from Dark Reading https://www.darkreading.com/dr-tech/opentext-acquires-bricata

Dark Reading - How Threat Actors Get into OT Systems

The convergence and integration of OT and IT has resulted in a growing number of cyber risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems. from Dark Reading https://www.darkreading.com/edge-articles/how-threat-actors-get-into-ot-systems

Rapid 7 - [Security Nation] Chris John Riley on Minimum Viable Secure Product (MVSP)

Image
In the final installment of Season 4 of Security Nation, Jen and Tod sit down with Chris John Riley, senior security engineer at Google and co-host of the First Impressions podcast (the one about cybersecurity, not Jane Austen). They chat about Minimum Viable Secure Product (MVSP), a set of controls Chris recently helped develop at Google that aim to provide a better baseline for security when evaluating vendor risk. They discuss the state of supply chain security for technology vendors and the challenges of establishing what really qualifies as “minimum” in terms of security protocols. Stick around for our Rapid Rundown, where Tod and Jen talk about a recently disclosed DNS rebinding vulnerability in Sky routers that exposed them to takeover attacks over the course of a whopping 17 months. Check back in with us for Season 5 of Security Nation in January. In the meantime, have a safe holiday and a happy New Year!​ Chris John Riley Chris John Riley is a Senior Security Engineer at...

Dark Reading - MediaTek Chip Flaw Could Have Let Attackers Spy on Android Phones

MediaTek systems-on-a-chip are embedded in more than one-third of smartphones and IoT devices around the world. from Dark Reading https://www.darkreading.com/threat-intelligence/mediatek-chip-flaw-could-have-let-attackers-spy-on-android-phones

Dark Reading - In Appreciation: Dark Reading's Tim Wilson

Dark Reading co-founder and editor-in-chief Tim Wilson passed away on Nov. 23. from Dark Reading https://www.darkreading.com/careers-and-people/in-appreciation-tim-wilson

Threat Post - 9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery

A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices. from Threatpost https://threatpost.com/9m-androids-malware-games-huawei-appgallery/176581/

Threat Post - How to Defend Against Mobile App Impersonation

Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this. from Threatpost https://threatpost.com/defend-app-impersonation/176519/

US-CERT - VMware Releases Security Updates

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/11/24/vmware-releases-security-updates

US-CERT - CISA Releases Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations

from CISA All NCAS Products https://us-cert.cisa.gov/ncas/current-activity/2021/11/18/cisa-releases-capacity-enhancement-guides-enhance-mobile-device

Threat Post - GoDaddy Breach Widens to Include Reseller Subsidiaries

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen. from Threatpost https://threatpost.com/godaddy-breach-widens-reseller-subsidiaries/176575/

Threat Post - Apple’s NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker

Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company's woes. from Threatpost https://threatpost.com/apple-nso-lawsuit-pegasus-spyware/176565/

Schneier - Apple Sues NSO Group

Piling more on NSO Group’s legal troubles, Apple is < a href=”https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/”>suing them: The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers. More news : Apple’s legal complaint provides new information on NSO Group’s FORCEDENTRY, an exploit for a now-patched vulnerability previously used to break into a victim’s Apple device and install the latest version of NSO Group’s spyware product, Pegasus. The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto. The spyware was used to attack a small ...

Dark Reading - When Will Security Frameworks Catch Up With the New Cybersecurity Normal?

Standards need to reflect that most endpoints will be remote and/or wireless. from Dark Reading https://www.darkreading.com/endpoint/when-will-security-frameworks-catch-up-with-the-new-cybersecurity-normal-

Threat Post - Attackers Actively Target Windows Installer Zero-Day

Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month. from Threatpost https://threatpost.com/attackers-target-windows-installer-bug/176558/

Dark Reading - Why Should I Adopt a Zero Trust Security Strategy?

Zero Trust is the right approach for protecting your end users. Executing it in the right way will also help you comply with the NIST standards and upcoming federal mandates. from Dark Reading https://www.darkreading.com/edge-ask-the-experts/why-should-i-adopt-a-zero-trust-security-strategy-

Dark Reading - Baffle's Data Privacy Cloud Protects Data for Amazon Redshift Customers

Amazon Redshift customers can use Baffle’s Data Privacy Cloud to secure the data pipeline as source data is migrated to Redshift and used for data analytics. from Dark Reading https://www.darkreading.com/dr-tech/baffle-data-privacy-cloud-protects-data-for-amazon-redshift-customers

Dark Reading - New Android Spyware Variants Linked to Middle Eastern APT

The new variants, improved for stealth and persistence, share code with other malware samples attributed to the C-23 APT. from Dark Reading https://www.darkreading.com/threat-intelligence/new-android-spyware-variants-linked-to-middle-eastern-apt

KnowBe4 - Avoid Donating to Charity Scammers During Giving Tuesday 2021

Image
Giving Tuesday is a great way for organizations and people to give back. However, this gives cybercriminals opportunities to take advantage of you with charity scams. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/avoid-donating-to-charity-scammers-during-giving-tuesday-2021

KnowBe4 - [Scam of the Week] Black Friday & Cyber Monday Cybersecurity Tips 2021

Image
Cybercriminals are at it again with holiday phishing scams. Because of the popularity of online shopping, retailers' online Black Friday deals attract more and more scammers every year. Cyber Monday will also mean big online sales. That means you and your users need to be extra cautious when shopping online over the Black Friday and Cyber Monday weekend. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/scam-of-the-week-black-friday-cyber-monday-cybersecurity-tips

KnowBe4 - [FREE Resource Kit] Stay Safe This Holiday Season with KnowBe4

Image
Are your users aware of the holiday phishing scams cybercriminals will be sending them? This holiday season may be closer to "normal" this year, and that means users will be even more focused on holiday activities. Cybercriminals will take advantage of holiday distractions and use social engineering  tactics to trick your users into becoming the next victim. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/free-resource-kit-stay-safe-this-holiday-season

Dark Reading - Apple Sues NSO Group for Spyware Use

The company seeks to hold Israeli firm NSO Group liable for the targeting of Apple users and requests a permanent injunction to ban its use of Apple products and services. from Dark Reading https://www.darkreading.com/endpoint/apple-sues-israel-s-nso-group-for-spyware-use

Threat Post - Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast

That’s just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet’s Derek Manky. from Threatpost https://threatpost.com/attackers-will-flock-to-crypto-wallets-linux-in-2022-podcast/176546/

Dark Reading - Holiday Scams Drive SMS Phishing Attacks

Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well. from Dark Reading https://www.darkreading.com/threat-intelligence/holiday-scams-drive-sms-phishing-attacks